On Thursday 14 August 2008 03:26, Cristian Cadar wrote: > http://bugs.busybox.net/view.php?id=4594 > > Test case: ./nmeter - > > The problem in in nmeter.c: > > 776: char buf[32]; > ... > > 790: if (open_read_close("version", buf, sizeof(buf)) > 0) > 791: is26 = (strstr(buf, " 2.4.")==NULL); > > At line 790, up to 32 chars are read into buf. If all 32 chars are > used, there's no space left for a terminating zero, and strstr will > read out-of-bounds memory. The fix would be to either resize buf or > read only up to sizeof(buf)-1 char, and to terminate buf with a '\0'.
Fixed, thanks -- vda _______________________________________________ busybox mailing list [email protected] http://busybox.net/cgi-bin/mailman/listinfo/busybox
